Smart Card Certificate Authentication with VMware View 4.5 and Above WHITE PAPER
|
|
- Dora Griffith
- 7 years ago
- Views:
Transcription
1 Smart Card Certificate Authentication with VMware View 4.5 and Above WHITE PAPER
2 Table of Contents.... About This Paper Introduction... 3 Smart Card Overview Getting Started... 4 Authenticating into Windows with a Smart Card... 4 Using Smart Cards in VMware View View Connection Server... 5 Remote Desktop (Agent) and Windows Client Setting Up the Certificate Using the View Client Multiple Certificates in a Smart Card Smart Card Single Signon Smart Card Removal Policy Local Mode / Offline Smart Card Authentication Certification Revocation Lists / Online Certificate Status Protocol (OCSP) Summary References About the Author TECHNICAL WHITE PAPER / 2
3 About This Paper This document provides a technical overview on smart cards and certificate authentication in VMware View 4.5 and above. It is not a tutorial; it is intended for security administrators with basic knowledge of authentication techniques. The paper summarizes certificate authentication and provides advice about using VMware View 4.5 and above to perform a variety of authentication and other security-related administration tasks with smart cards on Windows or Linux machines. Introduction The concept of the virtual desktop has enormous appeal to companies that are looking to cut costs and provide more flexible access to resources for authorized users. However, security and access control remain paramount concerns, particularly in industries with stringent regulatory requirements such as the public sector, healthcare, and financial services. Secure authentication via smart card certificates in Common Access Card (CAC), Two Factor Authentication, or etoken form factor can provide a solution. VMware View offers full-fledged smart card certificate authentication for both PCoIP and RDP protocols in either online/remote mode or offline/local mode. VMware View was developed to provide rich, personalized, complete virtual desktops as a managed service. The product makes it possible to consolidate virtual desktops on datacenter servers and manage operating systems, applications and data independently for greater business agility while providing a flexible highperformance desktop experience for end users, over any network. In VMware View 4.5 and above, certificate authentication is supported in the remote display protocol (RDP), PC-over-IP (PCoIP). VMware View 4.5 and above also enhances the offline authentication using smart card. Specifically, VMware View 4.5 and above can provide: Seamless integration of authentication Active Directory object clean up with spontaneous revocation Walkaway or coffee break smart card removal policy Multiple readers and multiple card support Full security for either online or offline desktops A full range of guest OS support, including Windows 7, Vista, and XP Smart Card Overview A smart card is a small tamper-proof computer containing a CPU and a small amount of non-volatile storage for public key certificates and associated keys. Smart cards are commonly used in secure Web access, VPN, Windows login, or digital signing applications. Smart cards provide a way to provide user authentication that is different from normal password authentication. With smart card authentication, you simply insert a smart card into the smart card reader and enter a PIN (typically a 4-8 digit string) and you are authenticated. This type of authentication tests the user s identity by verifying both what they have (the smart card) and what they know (the smart card PIN). TECHNICAL WHITE PAPER / 3
4 When you insert a smart card into a Windows machine, the certificates that are on the smart card are copied to the local certificate store on the machine. All of the certificates stored on the user s computer are available to all applications running on it, including the View Client. To see this list of certificates, go to Start > Control Panel > Internet Options > Content > Certificates and look under the Personal tab. These certificates have many complex properties and to view them, simply select the certificate and click the View button. Getting Started To use smart cards on any Windows machine, you first need to install a few packages to teach Windows how to talk to smart cards. These modules you will install are called CSPs (cryptographic service providers) and serve as intermediaries between Windows and the smart card. The most frequently seen cryptographic providers include: MS CSP Microsoft s smart card Cryptographic Service Provider (CSP) module. The CSP facilitates communication between the device and the smart card. The CSP must be signed by Microsoft, or it won t work on Windows. Typically, the manufacturer of the smart card reader provides a CSP; for example, a Gemalto (previously, Gemplus) reader would use a Gemalto CSP, a Schlumberger reader would use the Schlumberger CSP, and so on. The Microsoft.NET framework includes this crypto API by default. Java Card Heavily used by the Department of Defense, Java Card uses the OpenCard framework standard to access the hardware security module. The Java Card API runs Java applets within the card memory. FIPS 201/PIV, FIPS certified card, and Common Access Card (CAC) are Java Card. Others There are more than 100,000 types of smart cards from different silicon manufacturers where APDU command is the generic interface used to communicate with the card. First, you will need to install a hotfix ( for Windows, which provides the Microsoft Base CSP. This allows you to use smart cards such as Gemalto with Windows. Optionally, you can install the ActivIdentity ActivClient software suite, which provides helpful tools for interacting with smart cards, as well as another CSP to use for ActivIdentity smart cards. When you get the blank smart card, you can retrieve a Windows certificate. See the Setting Up The Certificate section. Authenticating into Windows with a Smart Card The Windows login screen has built-in smart card support, but it waits for you to insert a smart card into your reader even if it s already in there. If you have a smart card reader attached to your machine and are about to log into Windows, you will see a message telling you to insert your smart card. But what Windows listens to is the notification the smart card reader provides to it when a smart card is inserted. So the first thing you need to do is to remove your smart card from your reader and re-insert it. You will now see an entry for a PIN, where you can enter yours. This should log you into Windows. TECHNICAL WHITE PAPER / 4
5 Using Smart Cards in VMware View Before setting up smart card authentication in VMware View, you should make sure to have: The middleware or driver installed on View Client The middleware or driver installed on the virtual desktop Smart card enabled within the View Administrator configuration There are several steps that need to take place to set up smart card authentication for VMware View. View Connection Server This is probably the most difficult part. Refer to the VMware View Administration Guide for the View Connection Server and go to the Smart Card Authentication section. This will walk you through what is required to set your broker up to understand smart cards. Remote Desktop (Agent) and Windows Client Getting and Managing Certificates Now that you have set up your infrastructure to support smart cards, you need to actually put some certificates on your smart card. To view certificate info on your current smart card reader, go to gemalto.com/certmanagement.aspx if you have a Gemalto reader with a Gemalto smart card, or just open the ActivClient software for its supported types of cards and readers. Storing Certificates on a Smart Card To install certificates to a smart card, you must first set up a Windows machine (or virtual machine) as an enrollment station. This basically means that, as an administrator, you are giving this machine the authority to issue smart cards for any user. This desktop must be a member of the domain that you are issuing certificates for. The video instructions to set up the machine as an enrollment station and issue the certificates to the smart card are posted at Smart Card Authentication Details in Windows View Client As mentioned earlier, the Windows View Client accesses a list of all certificates installed to the machine and those copied from a smart card. It then filters through this list and removes any certificates that are not relevant. It uses the following rules to filter through the list: 1 The certificate must be valid according to the computer clock (i.e., not expired and not valid in the future). 2 The certificate must have a private key that can be used for authentication. If this is not the case, the Debug logs will show messages indicating so. 3 The certificate must have a valid user principal name or distinguished name. The distinguished name is also known as a Subject in the Certificate Details screen of Windows. The user principal name looks like an address and can be viewed by looking at the Subject Alternative Name in the Certificate Details screen. 4 The certificate must have the Digital Signature key usage. This can be viewed by looking at the Key Usage field in the Certificate Details screen. 5 The certificate must have the Smart Card Login enhanced key usage. This can be viewed by looking at the Enhanced Key Usage field in the Certificate Details screen. 6 The certificate must be issued by a domain that the View Connection Server allows for authentication. To view this domain, go into the certificate properties, click the Details tab, and look at the issuer field. TECHNICAL WHITE PAPER / 5
6 Setting Up the Certificate To install certificates on a smart card, you must first set up a Windows computer (or virtual machine) as an enrollment station. In this example, you must have already configured the Certificate Authority (CA) on a Windows Server 2003 or 2008 environment, and the server must be a member of the domain for which you are issuing certificates. Save CA root certificate to C:\ TECHNICAL WHITE PAPER / 6
7 In the Advanced tab, select Environment Variables and set the Path in System variables for keytool.exe. In this example it is C:\Program Files\VMware View\Server\jre\bin. Open a Command Prompt and create a trust.key using the command keytool import alias view4ca file certnew.cer keystore trust.key and then answering the prompts. TECHNICAL WHITE PAPER / 7
8 Copy the newly created trust.key to the appropriate location. In this example, it is C:\Program Files\VMware\ VMware View\Server\sslgateway\conf. Using Windows Notepad or a similar text editor, create the file locked.properties, similar to the screenshot below. Note that it is case sensitive. Log in to VMware View Manager, select Configuration, and then Server. TECHNICAL WHITE PAPER / 8
9 As shown in the screenshot below, configure the settings to meet your security policies. In this example, smart card authentication is required, and the user session is disconnected on smart card removal. After clicking on OK, reboot the server. TECHNICAL WHITE PAPER / 9
10 Using the View Client In addition to PKI smart cards, VMware View also supports USB etoken. In this example, you log in using etoken. Next, select the virtual machine, and right-click for options, such as Display Protocol. TECHNICAL WHITE PAPER / 10
11 Next, log on to Windows. TECHNICAL WHITE PAPER / 11
12 Multiple Certificates in a Smart Card If there are multiple valid certificates, VMware View displays a prompt asking the user to select the certificate they would like to use. If there is only one valid certificate, it is used automatically without prompting the user. If certificate authentication fails for any reason, VMware View will automatically default to the normal password authentication if smart card authentication was set to Optional. If it s set to Required in the View Manager administration console, you will not be able to log in without a legitimate certificate. In VMware View 5, users enter the PIN and single signon directly onto the guest desktop in either PCoIP or RDP connection. TECHNICAL WHITE PAPER / 12
13 Smart Card Single Signon In VMware View 4.5 and above, you can use smart card for single signon, which means that after the user enters their PIN to authenticate to the View Connection Server, VMware View will not require them to enter their PIN again to log into their remote desktop. The smart card PIN is transmitted to the broker during authentication, where the broker remembers this encrypted PIN while the session is active. When the user connects to a remote desktop, the broker sends the encrypted PIN to the remote desktop and our custom login module automatically logs the user in using the redirected smart card and the PIN sent to it by the View Connection Server. TECHNICAL WHITE PAPER / 13
14 Smart Card Removal Policy This feature, introduced in VMware View 4.0, allows the system to be configured to lock the user desktop upon smart card removal. You can use View Administrator to specify settings to accommodate different smart card authentication scenarios. The detailed step-by-step instructions can be found in the View Manager Administrator Guide, on page 103. If you configure View Client to access Connection Server with the Log in As Current User option checked, smart card removal policy will not apply. Once the smart card is removed during online mode, the remote desktop just disconnects; it does not logout. So the unsaved contents should be still there. However, if you have configured the pool settings logout immediately after disconnect, your session will first disconnect, then logout, and the contents will not be saved. For the local/offline mode, removing the smart card will cause the local desktops to be suspended/ disconnected; however, all unsaved contents will still be saved. TECHNICAL WHITE PAPER / 14
15 Local Mode / Offline Smart Card Authentication If you configure the View Connection Server to log in with smart card in the online mode, it will impact the checked-out offline desktop login session to log in with smart card as well. The local mode authentication method will use or remember the last known good log in method. For offline smart card authentication, using a cached credential login along with a smart card certificate will allow you single signon to the guest desktop. Please note the USB redirection for smart card drop-down menu item is not available in the local mode configuration for the smart card reader (to avoid pass-through reader and virtual reader conflict). In the offline desktop session, you connect the View Client as you would in establishing a regular session. During the authentication, View Client notices the View Connection Server is not online and will default to the cached credentials. It is critical that your smart card with valid certificate is authenticated and logged into the View environment once before you use it in the offline mode. If it s a brand new smart card, it will not be usable in offline without a previous successful login. TECHNICAL WHITE PAPER / 15
16 The initial launch of View Client requires a PIN entry. Reconnecting back to checked-out desktop using smart card in local mode with PIN entry. TECHNICAL WHITE PAPER / 16
17 Log in to local mode session. Smart card removed during local mode session. TECHNICAL WHITE PAPER / 17
18 When the smart card is removed during the session, the desktop is suspended immediately if the smart card removal policy is set at the View Manager Administration console. Certification Revocation Lists / Online Certificate Status Protocol (OCSP) In the event that workers leave the company and their smart card certificates are no longer valid, a certificate revocation list (CRL) is generated and published periodically, after a clearly defined timeframe (Wikipedia: A CRL can also be published immediately after a certificate has been revoked. CRL has a known minor drawback in that it tends to be slow. View Manager supports certificate revocation checking with certificate revocation lists (CRLs) and with the Online Certificate Status Protocol (OCSP). A CRL is a list of revoked certificates that is published by the CA that issued the certificates. OCSP is a certificate validation protocol that is used to get the revocation status of an X.509 certificate. To enable CRL in View environment, you can edit the locked.properties file on the View Connection Server or security server host. The detailed information can be found in the Configure Smart Card Authentication section from the VMware View Administrator s Guide. For example: <install_directory>\vmware\vmware View\Server\sslgateway\conf\locked.propertiesenabledRev ocationchecking=true crllocation = OCSPURL= ocspsigningcert=ocsp-signing.cer If OCSP is not configured or not working, VMware View will fall back to CRL for the revocation policy. The detailed instructions are available in the VMware View Manager Administration Guide. TECHNICAL WHITE PAPER / 18
19 Summary VMware View offers full-fledged smart card certificate authentication for both PCoIP and RDP protocols in either online/remote mode or offline/local mode. VMware View is also available on the Linux platform. The Linux commercial client is only available to our thin client partners with full support of PCoIP and RDP. For the open Linux client, users can use the smart card authentication with RDP. As public sector, healthcare, and financial verticals evaluate the virtual desktop concept and its benefits and challenges, they will find that VMware View offers an excellent solution that helps cut costs while improving access control and security. References WP Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services View Manager Administration Guide Smart Card Infrastructure MSDN Blog About the Author Cynthia Hsieh is a Senior Technical Marketing Manager at VMware. She focuses on application integration, proof of concepts, and security subjects. Hsieh s previous background includes product management positions at Wyse, Trend Micro, Oracle, and Yahoo. Information in this document is adapted from internal Wiki pages by Adam Gross, who is a Member of the Technical Staff responsible for smart card authentication development at VMware. Thanks also to Jim Zhang (Sr. QA Engineer, VMware) for validating the content accuracy and for providing subject expertise. VMware, Inc Hillview Avenue Palo Alto CA USA Tel Fax Copyright 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item No: VMW_11Q3_WP_SmartCard_EN_P13_R3
Implementing Federal Personal Identity Verification for VMware View. By Bryan Salek, Federal Desktop Systems Engineer, VMware
Implementing Federal Personal Identity Verification for VMware View By Bryan Salek, Federal Desktop Systems Engineer, VMware Technical WHITE PAPER Introduction This guide explains how to implement authentication
More informationThinPrint GPO Configuration for Location-Based Printing
ThinPrint GPO Configuration for Location-Based Printing I N F O R M AT I O N G U I D E Table of Contents Summary................................................................... 3 Environment................................................................
More informationCheck Point FDE integration with Digipass Key devices
INTEGRATION GUIDE Check Point FDE integration with Digipass Key devices 1 VASCO Data Security Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document
More informationIntegration with Active Directory
VMWARE TECHNICAL NOTE VMware ACE Integration with Active Directory This document explains how to set up Active Directory to use with VMware ACE. This document contains the following topics: About Active
More informationConnection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and More
Connection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and More Leostream Connect Administrator s Guide and End User s Manual Version 3.5 / 3.1 January 14, 2016
More informationYubiKey PIV Deployment Guide
YubiKey PIV Deployment Guide Best Practices and Basic Setup YubiKey 4, YubiKey 4 Nano, YubiKey NEO, YubiKey NEO-n YubiKey PIV Deployment Guide 2016 Yubico. All rights reserved. Page 1 of 27 Copyright 2016
More informationProtecting Juniper SA using Certificate-Based Authentication. Quick Start Guide
Protecting Juniper SA using Certificate-Based Authentication Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.
More informationAdministration Guide ActivClient for Windows 6.2
Administration Guide ActivClient for Windows 6.2 ActivClient for Windows Administration Guide P 2 Table of Contents Chapter 1: Introduction....................................................................12
More informationSecurity Guide vcenter Operations Manager for Horizon View 1.5 TECHNICAL WHITE PAPER
Security Guide vcenter Operations Manager for Horizon View 1.5 TECHNICAL WHITE PAPER Contents Introduction... 2 Surface Area... 3 SSL Configuration... 5 Authentication... 6 Adapter... 6 Broker Agent...
More informationEntrust Managed Services PKI
Entrust Managed Services PKI Entrust Managed Services PKI Windows Smart Card Logon Configuration Guide Using Web-based applications Document issue: 1.0 Date of Issue: June 2009 Copyright 2009 Entrust.
More informationDIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication
DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of
More informationHow to Migrate Citrix XenApp to VMware Horizon 6 TECHNICAL WHITE PAPER
How to Migrate Citrix XenApp to VMware Horizon 6 TECHNICAL WHITE PAPER Table of Contents Introduction... 3 Horizon and XenApp Components Comparison.... 4 Preparing for the Migration.... 5 Three Approaches
More informationVeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government.
END USER S GUIDE VeriSign PKI Client Government Edition v 1.5 End User s Guide VeriSign PKI Client Government Version 1.5 Administrator s Guide VeriSign PKI Client VeriSign, Inc. Government Copyright 2010
More informationGetting Started with VMware Fusion
Getting Started with VMware Fusion VMware Fusion for Mac OS X 2008 2012 EN-000933-00 2 Getting Started with VMware Fusion You can find the most up-to-date technical documentation on the VMware Web site
More informationVMware Virtual Desktop Manager User Authentication Guide
Technical Note VMware Virtual Desktop Manager User Authentication Guide VMware Virtual Desktop Manager The purpose of this guide is to provide details of user authentication in VMware Virtual Desktop Manager
More informationIntegrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER
Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Table of Contents Introduction.... 3 Requirements.... 3 Horizon Workspace Components.... 3 SAML 2.0 Standard.... 3 Authentication
More informationThinPoint Quick Start Guide
ThinPoint Quick Start Guide 2 ThinPoint Quick Start Guide Table of Contents Part 1 Introduction 3 Part 2 ThinPoint Windows Host Installation 3 1 Compatibility... list 3 2 Pre-requisites... 3 3 Installation...
More informationExplore the VMware Horizon 6 Toolbox Auditing and Remote Assistance Capabilities
Explore the VMware Horizon 6 Toolbox Auditing and Remote Assistance Capabilities VMware Horizon Toolbox 1.5 WHITE PAPER Table of Contents Downloading Horizon Toolbox.... 3 Auditing Tab.... 4 Auditing Sessions...
More informationVMware Horizon FLEX User Guide
Horizon FLEX 1.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this
More informationConfiguring Single Sign-On from the VMware Identity Manager Service to Office 365
Configuring Single Sign-On from the VMware Identity Manager Service to Office 365 VMware Identity Manager JULY 2015 V1 Table of Contents Overview... 2 Passive and Active Authentication Profiles... 2 Adding
More informationvcenter Configuration Manager Backup and Disaster Recovery Guide VCM 5.3
vcenter Configuration Manager Backup and Disaster Recovery Guide VCM 5.3 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by
More informationInstalling and Configuring vcenter Support Assistant
Installing and Configuring vcenter Support Assistant vcenter Support Assistant 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationManaging Multi-Hypervisor Environments with vcenter Server
Managing Multi-Hypervisor Environments with vcenter Server vcenter Server 5.1 vcenter Multi-Hypervisor Manager 1.0 This document supports the version of each product listed and supports all subsequent
More informationVMware vcenter Support Assistant 5.1.1
VMware vcenter.ga September 25, 2013 GA Last updated: September 24, 2013 Check for additions and updates to these release notes. RELEASE NOTES What s in the Release Notes The release notes cover the following
More informationPrivateServer HSM Integration with Microsoft IIS
PrivateServer HSM Integration with Microsoft IIS January 2014 Document Version 1.1 Notice The information provided in this document is the sole property of Algorithmic Research Ltd. No part of this document
More informationConfiguring Single Sign-on from the VMware Identity Manager Service to Dropbox
Configuring Single Sign-on from the VMware Identity Manager Service to Dropbox VMware Identity Manager SEPTEMBER 2015 V1 Configuring Single Sign-On from VMware Identity Manager to Dropbox Table of Contents
More informationOutlook Web Access 2003 Remote User Guide
UNITED STATES COAST GUARD Outlook Web Access 2003 Remote User Guide Using Common Access Card Access TISCOM TIS-42 07/29/2008 Version 1.0 CAC Enabled Outlook Web Access CAC Enabled OWA is a way to view
More informationTwo Factor Authentication in SonicOS
Two Factor Authentication in SonicOS 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION indicates potential damage
More informationIntegrated Virtual Debugger for Visual Studio Developer s Guide VMware Workstation 8.0
Integrated Virtual Debugger for Visual Studio Developer s Guide VMware Workstation 8.0 This document supports the version of each product listed and supports all subsequent versions until the document
More informationCertificate Revocation Checking Using OCSP and CRL in VMware View 4.5/4.6 TECHNICAL WHITE PAPER
Certificate Revocation Checking Using OCSP and CRL in VMware View 4.5/4.6 TECHNICAL WHITE PAPER Table of Contents Introduction... 3 About VMware View.... 3 About Smart Card Certificate Authentication....
More informationConfiguring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications
Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications VMware Identity Manager AUGUST 2015 V1 Configuring Single Sign-On from VMware Identity Manager to AirWatch Applications
More informationInstalling and Configuring vcloud Connector
Installing and Configuring vcloud Connector vcloud Connector 2.0.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationCloud Director User's Guide
Cloud Director 1.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this
More informationReconfiguration of VMware vcenter Update Manager
Reconfiguration of VMware vcenter Update Manager Update 1 vcenter Update Manager 4.1 This document supports the version of each product listed and supports all subsequent versions until the document is
More informationMicrosoft Windows Server 2003 Integration Guide
15370 Barranca Parkway Irvine, CA 92618 USA Microsoft Windows Server 2003 Integration Guide 2008 HID Global Corporation. All rights reserved. 47A3-905, A.1 C200 and C700 December 1, 2008 Crescendo Integration
More informationInstalling and Configuring vcenter Multi-Hypervisor Manager
Installing and Configuring vcenter Multi-Hypervisor Manager vcenter Server 5.1 vcenter Multi-Hypervisor Manager 1.1 This document supports the version of each product listed and supports all subsequent
More informationApplication Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008
7 Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008 All information herein is either public information or is the property of and owned
More informationSECO Whitepaper. SuisseID Smart Card Logon Configuration Guide. Prepared for SECO. Publish Date 19.05.2010 Version V1.0
SECO Whitepaper SuisseID Smart Card Logon Configuration Guide Prepared for SECO Publish Date 19.05.2010 Version V1.0 Prepared by Martin Sieber (Microsoft) Contributors Kunal Kodkani (Microsoft) Template
More informationVMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES
APPLICATION NOTE VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES Configuring Secure SSL VPN Access in a VMware Virtual Desktop Environment Copyright 2010, Juniper Networks, Inc. 1 Table
More informationInstalling and Configuring vcloud Connector
Installing and Configuring vcloud Connector vcloud Connector 2.7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationVMware Horizon FLEX Solution Brief
VMware Solution Brief VMware 1.8 WHITE PAPER VMware Solution Brief Table of Contents What Is VMware?.... 3 Terminology for... 4 Key Benefits of.... 5 Deploying.... 6 Supported Host Operating Systems for....
More informationVMware vrealize Operations for Horizon Security
VMware vrealize Operations for Horizon Security vrealize Operations for Horizon 6.2 This document supports the version of each product listed and supports all subsequent versions until the document is
More informationUser Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream
User Manual Onsight Management Suite Version 5.1 Another Innovation by Librestream Doc #: 400075-06 May 2012 Information in this document is subject to change without notice. Reproduction in any manner
More informationUse of Common Access Cards (CACs) from Home on Windows 7 without Middleware
Use of Common Access Cards (CACs) from Home on Windows 7 without Middleware Problem: Microsoft Windows 7 includes a native capability to read and use the newest CACbased PKI certificates without installing
More informationViPNet ThinClient 3.3. Quick Start
ViPNet ThinClient 3.3 Quick Start 1991 2014 Infotecs Americas. All rights reserved. Version: 00060-07 34 02 ENU This document is included in the software distribution kit and is subject to the same terms
More informationTransitioning to Leostream from HP SAM
Transitioning to Leostream from HP SAM Overview This document aims to ease your transition from HP SAM to the Leostream Connection Broker. We want to assure you that the path is not fraught with peril.
More informationYubico PIV Management Tools
Yubico PIV Management Tools Active Directory Smart Card Logon using the YubiKey NEO or NEO-n Document Version 1.0 April 15, 2015 Yubico PIV Management Tools 2015 Yubico. All rights reserved. Page 1 of
More informationVMware Horizon FLEX User Guide
Horizon FLEX 1.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this
More informationVMware vrealize Operations for Horizon Security
VMware vrealize Operations for Horizon Security vrealize Operations for Horizon 6.1 This document supports the version of each product listed and supports all subsequent versions until the document is
More informationTroubleshooting smart card logon authentication on active directory
Troubleshooting smart card logon authentication on active directory Version 1.0 Prepared by: "Vincent Le Toux" Date: 2014-06-11 1 Table of Contents Table of Contents Revision History Error messages The
More informationConnection Broker Managing User Connections to Workstations, Blades, VDI, and More. Quick Start with Microsoft Hyper-V
Connection Broker Managing User Connections to Workstations, Blades, VDI, and More Quick Start with Microsoft Hyper-V Version 8.1 October 21, 2015 Contacting Leostream Leostream Corporation http://www.leostream.com
More informationVMware vcenter Configuration Manager Backup and Disaster Recovery Guide vcenter Configuration Manager 5.4.1
VMware vcenter Configuration Manager Backup and Disaster Recovery Guide vcenter Configuration Manager 5.4.1 This document supports the version of each product listed and supports all subsequent versions
More informationPC-Duo Web Console Installation Guide
PC-Duo Web Console Installation Guide Release 12.1 August 2012 Vector Networks, Inc. 541 Tenth Street, Unit 123 Atlanta, GA 30318 (800) 330-5035 http://www.vector-networks.com Copyright 2012 Vector Networks
More informationvsphere Host Profiles
ESXi 5.1 vcenter Server 5.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions
More informationDeploying Microsoft RemoteFX on a Single Remote Desktop Virtualization Host Server Step-by-Step Guide
Deploying Microsoft RemoteFX on a Single Remote Desktop Virtualization Host Server Step-by-Step Guide Microsoft Corporation Published: October 2010 Abstract This step-by-step guide walks you through the
More informationGetting Started with ESXi Embedded
ESXi 4.1 Embedded vcenter Server 4.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent
More informationUSER GUIDE WWPass Security for Windows Logon
USER GUIDE WWPass Security for Windows Logon December 2015 TABLE OF CONTENTS Chapter 1 Welcome... 3 Introducing WWPass Security for Windows Logon... 4 Related Documentation... 4 Presenting Your PassKey
More informationProcedure for How to Enroll for Digital Signature
Procedure for How to Enroll for Digital Signature In Online Processing System getting to implement Digital Signature and Electronic Token for security and Authentication Purpose. For that bidder must have
More informationWindows and MAC User Handbook Remote and Secure Connection Version 1.01 09/19/2013. User Handbook
Windows and MAC User Handbook How to Connect Your PC or MAC Remotely and Securely to Your U.S. Department of Commerce Account Developed for You by the Office of IT Services (OITS)/IT Service Desk *** For
More informationDirector and Certificate Authority Issuance
VMware vcloud Director and Certificate Authority Issuance Leveraging QuoVadis Certificate Authority with VMware vcloud Director TECHNICAL WHITE PAPER OCTOBER 2012 Table of Contents Introduction.... 3 Process
More informationConfiguring Single Sign-on from the VMware Identity Manager Service to WebEx
Configuring Single Sign-on from the VMware Identity Manager Service to WebEx VMware Identity Manager SEPTEMBER 2015 V 2 Configuring Single Sign-On from VMware Identity Manager to WebEx Table of Contents
More informationConfiguring Single Sign-on from the VMware Identity Manager Service to Amazon Web Services
Configuring Single Sign-on from the VMware Identity Manager Service to Amazon Web Services VMware Identity Manager OCTOBER 2015 V1 Configuring Single Sign-On from VMware Identity Manager to Amazon Web
More informationVMware Horizon FLEX 1.5 WHITE PAPER
WHITE PAPER Table of Contents What Is VMware Horizon FLEX?... 3 Terminology for Horizon FLEX.... 4 Key Benefits of Horizon FLEX... 4 Deploying Horizon FLEX.... 5 Tested Host Operating Systems for Horizon
More informationVMware Horizon FLEX User Guide
Horizon FLEX 1.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this
More informationHow To Configure An Activcard Smart Card With An Hp Powerbook On A Pc Or Ipa (Powerbook) On A Powerbook 2 (Powercard) On An Hpla 2 (Ahemos) Or Powerbook (Power Card
Implementing ActivIdentity Smart Cards for Use with HP Compaq t5720 Thin Clients and HP Blade PCs Introduction............................................................ 2 Prerequisites............................................................
More informationPortions of this product were created using LEADTOOLS 1991-2009 LEAD Technologies, Inc. ALL RIGHTS RESERVED.
Installation Guide Lenel OnGuard 2009 Installation Guide, product version 6.3. This guide is item number DOC-110, revision 1.038, May 2009 Copyright 1992-2009 Lenel Systems International, Inc. Information
More information2XApplication Server XG v10.6
2XApplication Server XG v10.6 Introduction 1 URL: www.2x.com E-mail: info@2x.com Information in this document is subject to change without notice. Companies, names, and data used in examples herein are
More information2X ApplicationServer & LoadBalancer Manual
2X ApplicationServer & LoadBalancer Manual 2X ApplicationServer & LoadBalancer Contents 1 URL: www.2x.com E-mail: info@2x.com Information in this document is subject to change without notice. Companies,
More informationDell OpenManage Mobile Version 1.4 User s Guide (Android)
Dell OpenManage Mobile Version 1.4 User s Guide (Android) Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION
More informationCreating and Issuing the Workstation Authentication Certificate Template on the Certification Authority
In this post we will see the steps for deploying the client certificate for windows computers. This post is a part of Deploy PKI Certificates for SCCM 2012 R2 Step by Step Guide. In the previous post we
More informationLeostream Corporation leostream.com help@leostream.com Share this Whitepaper!
Introduction... 3 Advantages of Providing Remote Access to Personal PC... 4 Disadvantages of Typical Remote Access Solutions in a Corporate Environment... 5 Why Use Leostream for Remote Access... 5 Using
More informationSafeNet Authentication Client (Windows)
SafeNet Authentication Client (Windows) Version 8.1 SP1 Revision A User s Guide Copyright 2011 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete
More informationRequest Manager Installation and Configuration Guide
Request Manager Installation and Configuration Guide vcloud Request Manager 1.0.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationUse Enterprise SSO as the Credential Server for Protected Sites
Webthority HOW TO Use Enterprise SSO as the Credential Server for Protected Sites This document describes how to integrate Webthority with Enterprise SSO version 8.0.2 or 8.0.3. Webthority can be configured
More informationNexio Connectus with Nexio G-Scribe
Nexio Connectus with Nexio G-Scribe 2.1.2 3/20/2014 Edition: A 2.1.2 Publication Information 2014 Imagine Communications. Proprietary and Confidential. Imagine Communications considers this document and
More informationSmart Card Setup Guide
Smart Card Setup Guide K Apple Computer, Inc. 2006 Apple Computer, Inc. All rights reserved. Under the copyright laws, this manual may not be copied, in whole or in part, without the written consent of
More informationMigrating a Windows PC to Run in VMware Fusion VMware Fusion 2.0
Technical Note Migrating a Windows PC to Run in VMware Fusion VMware Fusion 2.0 This technical note describes the process for migrating an existing Windows PC to run as a virtual machine with VMware Fusion
More informationGetting Started with VMware Fusion. VMware Fusion for Mac OS X
Getting Started with VMware Fusion VMware Fusion for Mac OS X 2 Getting Started with VMware Fusion Getting Started with VMware Fusion Item: EN-000189-00 You can find the most up-to-date technical documentation
More informationDeploying Microsoft RemoteFX for Personal Virtual Desktops Step-by-Step Guide
Deploying Microsoft RemoteFX for Personal Virtual Desktops Step-by-Step Guide Microsoft Corporation Published: June 2010 Abstract This step-by-step guide walks you through the process of setting up a working
More informationSAS 9.3 Foundation for Microsoft Windows
Software License Renewal Instructions SAS 9.3 Foundation for Microsoft Windows Note: In this document, references to Microsoft Windows or Windows include Microsoft Windows for x64. SAS software is licensed
More informationConnection Broker Managing User Connections to Workstations, Blades, VDI, and More. Quick Start with Citrix XenDesktop, XenServer & XenApp
Connection Broker Managing User Connections to Workstations, Blades, VDI, and More Quick Start with Citrix XenDesktop, XenServer & XenApp Version 8.0 December 9, 2014 Contacting Leostream Leostream Corporation
More informationNetwork Automation 9.22 Features: RIM and PKI Authentication July 31, 2013
Network Automation 9.22 Features: RIM and PKI Authentication July 31, 2013 Brought to you by Vivit Network Management Special Interest Group (SIG) Leaders: Wendy Wheeler and Chris Powers www.vivit-worldwide.org
More informationOracle Enterprise Manager
Oracle Enterprise Manager System Monitoring Plug-in Installation Guide for Microsoft Active Directory Release 12.1.0.1.0 E28548-04 February 2014 Microsoft Active Directory, which is included with Microsoft
More informationRemote Desktop Services User's Guide
Contents Remote Desktop Services Document Revision Control Revision Description Author DATE 1.0 Initial Release Karen M. Hess 3/24/2015 1.1 Added section for viewing mapped drives Karen M. Hess 4/15/2015
More informationDevice LinkUP + Desktop LP Guide RDP
Device LinkUP + Desktop LP Guide RDP Version 2.1 January 2016 Copyright 2015 iwebgate. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval
More informationSetting up VMware ESXi for 2X VirtualDesktopServer Manual
Setting up VMware ESXi for 2X VirtualDesktopServer Manual URL: www.2x.com E-mail: info@2x.com Information in this document is subject to change without notice. Companies, names, and data used in examples
More informationEnterprise Desktop Solutions: VMware View 4.5
C H E A T S H E E T Enterprise Desktop Solutions: What is VMware View? VMware View 4.5 is the leading desktop virtualization solution, built for delivering desktops as a managed service from the platform
More informationX.509 Certificate Generator User Manual
X.509 Certificate Generator User Manual Introduction X.509 Certificate Generator is a tool that allows you to generate digital certificates in PFX format, on Microsoft Certificate Store or directly on
More informationTroubleshooting File and Printer Sharing in Microsoft Windows XP
Operating System Troubleshooting File and Printer Sharing in Microsoft Windows XP Microsoft Corporation Published: November 2003 Updated: August 2004 Abstract File and printer sharing for Microsoft Windows
More informationQuick Start Guide for VMware and Windows 7
PROPALMS VDI Version 2.1 Quick Start Guide for VMware and Windows 7 Rev. 1.1 Published: JULY-2011 1999-2011 Propalms Ltd. All rights reserved. The information contained in this document represents the
More informationReconfiguring VMware vsphere Update Manager
Reconfiguring VMware vsphere Update Manager vsphere Update Manager 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a
More informationConfiguring Security Features of Session Recording
Configuring Security Features of Session Recording Summary This article provides information about the security features of Citrix Session Recording and outlines the process of configuring Session Recording
More informationHow To Use A Vmware View For A Patient Care System
Delivering Epic Hyperspace Through VMware View Using Kiosk Mode and Zero Clients Reference Implementation for a VMware Point-of-Care Solution WHITE PAPER About VMware Reference Implementations VMware Reference
More informationHOTPin Integration Guide: DirectAccess
1 HOTPin Integration Guide: DirectAccess Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; Celestix assumes no responsibility
More informationvcloud Director User's Guide
vcloud Director 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of
More information2X SecureRemoteDesktop. Version 1.1
2X SecureRemoteDesktop Version 1.1 Website: www.2x.com Email: info@2x.com Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious
More informationVMware vcenter Discovered Machines Import Tool User's Guide Version 5.3.0.25 for vcenter Configuration Manager 5.3
VMware vcenter Discovered Machines Import Tool User's Guide Version 5.3.0.25 for vcenter Configuration Manager 5.3 This document supports the version of each product listed and supports all subsequent
More informationMCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643) Chapter Four Windows Server 2008 Remote Desktop Services, Part 1 Objectives Describe the Remote Desktop
More informationOracle Virtual Desktop Infrastructure. VDI Demo (Microsoft Remote Desktop Services) for Version 3.2
Oracle Virtual Desktop Infrastructure VDI Demo (Microsoft Remote Desktop Services) for Version 2 April 2011 Copyright 2011, Oracle and/or its affiliates. All rights reserved. This software and related
More informationDell SonicWALL Aventail 10.6.5 Connect Tunnel User Guide
Dell SonicWALL Aventail 10.6.5 Connect Tunnel User Guide 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION indicates
More information